STP – Spanning Tree Protocol

This test checks that the Spanning Tree Protocol (STP) is not available on customer ports. If available, this protocol could be used to perform various attacks in the network, such as redirecting traffic or overloading devices.

No spanning-tree packets should be sent out on customer ports, and any spanning-tree packets received should be silently discarded.

Impact: DoS, MITM

Test process

Malicious listens for BPDU packets.

Malicious sends BPDU packets (STP, RSTP, PVST, and MSTP variants) and keeps listening on the interface to determine whether the switch responds.
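As an added example (not part of the original test documentation), a passive BPDU detector for the listening step: it classifies STP, RSTP, MSTP and PVST+ BPDUs by their 802.3/LLC or SNAP encapsulation, so any hit on a customer port is a finding. The interface name passed to `listen()` and the source MAC in the constructed sample frames are assumptions.

```python
import socket
import struct

STP_MCAST = bytes.fromhex("0180c2000000")   # IEEE 802.1D bridge group address (STP/RSTP/MSTP)
PVST_MCAST = bytes.fromhex("01000ccccccd")  # Cisco PVST+ / Rapid-PVST+ address
STP_LLC = b"\x42\x42\x03"                   # DSAP/SSAP 0x42, UI control field
SNAP_LLC = b"\xaa\xaa\x03"                  # SNAP encapsulation used by PVST+
PVST_SNAP = b"\x00\x00\x0c\x01\x0b"         # Cisco OUI + PVST+ protocol id
VERSIONS = {0: "STP", 2: "RSTP", 3: "MSTP"}
BPDU_TYPES = {0x00: "Configuration", 0x80: "TCN", 0x02: "RST/MST"}

def classify_bpdu(frame: bytes):
    """Return a label such as 'RSTP RST/MST BPDU' if the Ethernet frame is a BPDU, else None."""
    if len(frame) < 21 or struct.unpack("!H", frame[12:14])[0] > 1500:
        return None                          # Ethertype frame (IP, ARP, ...): BPDUs use 802.3/LLC
    dst, llc = frame[:6], frame[14:17]
    if dst == STP_MCAST and llc == STP_LLC:
        body, flavour = frame[17:], ""
    elif dst == PVST_MCAST and llc == SNAP_LLC and frame[17:22] == PVST_SNAP:
        body, flavour = frame[22:], "PVST+ "
    else:
        return None
    if len(body) < 4:
        return None
    proto_id, version, bpdu_type = struct.unpack("!HBB", body[:4])
    if proto_id != 0:                        # every spanning-tree BPDU carries protocol id 0x0000
        return None
    ver = VERSIONS.get(version, f"v{version}")
    kind = BPDU_TYPES.get(bpdu_type, f"type 0x{bpdu_type:02x}")
    return f"{flavour}{ver} {kind} BPDU"

def listen(iface: str, max_hits: int = 0):
    """Report BPDUs seen on iface (Linux raw socket, needs CAP_NET_RAW); a customer port should yield none."""
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(0x0003))  # ETH_P_ALL
    sock.bind((iface, 0))
    hits = 0
    while not max_hits or hits < max_hits:
        label = classify_bpdu(sock.recv(65535))
        if label:
            hits += 1
            print(f"FAIL: {label} received on {iface}")
    return hits

# Constructed sample frames (source MAC 00:11:22:33:44:55 is made up, BPDU fields past the type are zeroed)
SRC = bytes.fromhex("001122334455")
RSTP_FRAME = STP_MCAST + SRC + b"\x00\x27" + STP_LLC + b"\x00\x00\x02\x02" + b"\x00" * 32
TCN_FRAME = STP_MCAST + SRC + b"\x00\x07" + STP_LLC + b"\x00\x00\x00\x80"
PVST_FRAME = PVST_MCAST + SRC + b"\x00\x2c" + SNAP_LLC + PVST_SNAP + b"\x00\x00\x00\x00" + b"\x00" * 31
IPV4_FRAME = bytes.fromhex("ffffffffffff") + SRC + b"\x08\x00" + b"\x45" + b"\x00" * 19
```

Running `listen("eth1", max_hits=1)` on the customer-facing interface returns as soon as the first BPDU arrives, which is enough to mark the test as failed.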